Trust & Compliance

Built for security teams.

Cisora is built for security teams. Here's everything you need to evaluate us as a vendor — legal agreements, sub-processor lists, and our full security posture.

GDPR

Data Processing Addendum

DPA

GDPR-compliant data processing agreement governing how Cisora processes personal data on your behalf.

Commercial

Master Services Agreement

MSA

Standard commercial terms covering services, fees, IP ownership, confidentiality, and liability.

HIPAA

Business Associate Agreement

BAA

HIPAA Business Associate Agreement for customers subject to healthcare data regulations.

Transparency

Sub-processors

Sub-processors

Full list of third-party services Cisora shares data with, including their purpose and data location.

Security overview

  • All data encrypted at rest (AES-256 via AWS RDS) and in transit (TLS 1.2+, managed by AWS ALB + ACM).
  • Strict access controls — production database is in a private VPC subnet with no public internet access.
  • SOC 2 Type I audit in progress. Report available to enterprise customers under NDA.
  • Automated daily RDS snapshots with a 7-day retention window; point-in-time recovery enabled.
  • Comprehensive audit logging of all API calls, authentication events, and configuration changes.
  • We never train AI models on your data or share it with third parties for advertising or analytics.

SOC 2 Type I audit in progress. Report available to enterprise customers under NDA. Full security page →

Need a signed agreement?

Need a signed DPA, a custom MSA, or a BAA for your compliance team? We turn these around fast.

Email legal@cisora.io